Multi-factor authentication (MFA) solutions or, two-factor authentication solutions, require a user to satisfy two or more conditions before receiving permission to access applications, APIs or services online. For a successful authentication process, users must present something they know such as a passcode, something they have such as a push notification, and/or something they are, such as a fingerprint or facial recognition scan.
MFA solutions enable secure network access
Authenticating a user’s identity is a critical step in securing an organization’s network, data, and systems from attack. In 2024, approximately 80% of data breaches today involve stolen or compromised credentials, and increasingly sophisticated attacks can cost organizations millions of dollars in damages, not to mention loss of opportunity, loss of reputation, and loss of business continuity.
Multi-factor authentication (MFA) solutions offers enhanced security over traditional password-only authentication methods. By requiring two types of proof that a user is legitimate, MFA solutions can help to significantly reduce the likelihood of a breach. Yet, MFA authentication isn’t perfect. Some traditional MFA methods, particularly SMS OTP and push-based MFA, can be bypassed using advanced phishing and social engineering techniques. MFA services built on the FIDO2 standard offer greater protection, but they can make access management harder for both users and administrators.
Akamai MFA solves the challenges of multi-factor authentication solutions with technology that combines FIDO 2 security standards with a frictionless user experience and an easy-to-manage platform that minimizes the burden on IT administrators.
The benefits of MFA solutions
MFA technology protects networks, workflows, sensitive data, and users by requiring more than one source of validation when granting a user account access to applications and services. With MFA solutions, users must successfully present at least two types of strong authentication credentials from different categories:
Something they know. This type of authentication is based on knowledge and could be a password or a PIN.
Something they are. This passwordless category of authentication is contextual or biometric. MFA solutions for passwordless authentication may authenticate a user via a fingerprint scan, facial recognition, a voice or speech pattern, or through contextual signals such as device, location, or time of access. An adaptive MFA may combine these forms of verification for an extra layer of security.
Something they have. This token-based form of authentication could be a one-time password (OTP), a passkey, a push notification to a mobile app, a smart card, or key fob.
The benefits of MFA user identity verification services are significant. Organizations that use MFA in their security posture are significantly less likely to be compromised than those that do not. MFA streamlines secure access to all environments, including cloud, VPN, SaaS, on-premises, web-based, and IaaS applications. And MFA technology is an essential component for migrating enterprise cybersecurity to frameworks such as Zero Trust and SSE.
However, while traditional MFA solutions offer significantly greater protection against breaches, they can nevertheless be bypassed by attackers. Cybercriminals have developed relatively simple yet highly effective social engineering and phishing techniques that take advantage of critical security weaknesses in standard MFA solutions. To defend against these attacks, organizations can implement MFA solutions based on the FIDO2 standard which prevents phishing by cryptographically binding authentication to the legitimate website domain.
MFA solutions from Akamai
The Akamai MFA service enables organizations to take advantage of the secure functionalities of FIDO2, while eliminating the challenges of using this highly secure standard. Some MFA solutions built on the FIDO2 standard require the use of physical FIDO2 security keys, which are both costly and cumbersome. In the past, to get the best FIDO2-based security measures, IT teams had to purchase physical hardware tokens for every employee, and manage the distribution and operation of all keys. Users were faced with a less-than-ideal MFA experience that required them to use and keep track of another piece of hardware.
Akamai MFA provides highly secure, phish-proof dentity and access management (IAM) technology without the need for physical security keys. Akamai’s solution digitizes the security of FIDO2 using a smartphone app and a web browser, and combines it with the user friendly, familiar experience of a push notification with compatibility across any platform as a roaming authenticator.
With Akamai MFA, businesses can:
- Reduce the risk of unauthorized access deploying an MFA solution that can’t be subverted by phishing and social engineering attacks
- Deploy MFA solutions rapidly on existing smartphones, avoiding the delays typically caused when needing to distribute physical security keys or issuing compatible hardware
- Provide users with a frictionless authentication experience that leverages their smartphones and uses familiar push notifications
- Reduce total cost of ownership (TCO) by using an existing smartphone and web browser to digitize FIDO2 security, avoiding the need to purchase, replace, and maintain additional hardware
- Support Zero Trust security by implementing the strongest possible authentication and authorization protocols
- Future-proof investments in MFA security with a cloud-based MFA solution built to evolve to support future use cases
How Akamai MFA works
Akamai MFA offers unrivaled security and ease-of-use via frictionless push notification. With Akamai’s configurable authentication factors, IT teams can select the forms of authentication needed for specific use cases, including phish-proof push, standard push, TOTP (time-based one-time password), and SMS (Short Message Service). Akamai also integrates easily with market-leading IdP (identity provider) solutions, and provides a rich set of reporting features to keep the administrative team informed of authentication events. To reduce the burden on admins, Akamai offers various low-friction self-service methods that enable users to easily enroll and register their devices.
The Akamai MFA solution authenticates users via an easy, six-step process.
- The user provides a username and password to a primary authenticator app such as Microsoft Entrar ID.
- After validating the credentials, the primary authenticator connects to Akamai MFA to generate a second factor.
- Akamai renders a page where the user can select an authentication factor.
- Akamai MFA sends a challenge such as a phish-proof push to the user’s smartphone.
- Once the user responds, Akamai passes control back to the primary authenticator.
- The primary authenticator allows the user to access the requested service or application.
Frequently Asked Questions
By making it harder for unauthorized users to gain access to enterprise networks, MFA technology dramatically improves enterprise security. MFA solutions are also an integral part of security frameworks such as Zero Trust and SASE.
TOTP stands for time-based one-time password. It is an authentication mechanism that generates a unique six-digit code every 30 seconds. The code is based on a shared secret key between the user and the authentication system. It is typically used as a two-factor authentication method, where the user is required to enter the code in addition to their username and password.
SMS stands for Short Message Service, and is a type of text message that is sent from one mobile device to another. SMS messages are limited in length, typically up to 160 characters.
FIDO2 is an open authentication standard developed by the FIDO Alliance that enables users to securely authenticate to websites and applications with biometrics or a security key instead of a password. FIDO2 provides strong two-factor authentication and is designed to be more secure and easier to use than traditional password-based authentication methods.
Why customers choose Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence.
